VYPR

CWE-129

Improper Validation of Array Index

VariantDraftLikelihood: High

Description

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-100

CVEs mapped to this weakness (149)

page 6 of 8
  • CVE-2026-34942MedApr 9, 2026
    risk 0.35cvss 6.5epss 0.00

    Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned…

  • CVE-2024-38587MedJun 19, 2024
    risk 0.34cvss 5.3epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof() vs ARRAY_SIZE() bug The "buf" pointer is an array of u16 values. This code should be using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512), otherwise it can the still got…

  • CVE-2026-45624MedJun 10, 2026
    risk 0.33cvss 5.1epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has…

  • CVE-2025-30077MedMar 16, 2025
    risk 0.33cvss 6.2epss 0.00

    Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.

  • CVE-2023-20601MedFeb 12, 2026
    risk 0.30cvss epss 0.00

    Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition.

  • CVE-2026-25068MedJan 29, 2026
    risk 0.30cvss epss 0.00

    alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound…

  • CVE-2026-6840MedApr 22, 2026
    risk 0.29cvss 5.5epss 0.00

    Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0.

  • CVE-2024-21970MedSep 6, 2025
    risk 0.29cvss 4.4epss 0.00

    Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.

  • CVE-2016-7170MedDec 10, 2016
    risk 0.29cvss 4.4epss 0.00

    The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing…

  • CVE-2026-44310MedMay 15, 2026
    risk 0.28cvss 5.4epss 0.00

    Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereferences certs[0] after sd.GetCertificates() without checking the slice length. A…

  • CVE-2026-46598MedMay 22, 2026
    risk 0.27cvss 5.3epss 0.00

    For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.

  • CVE-2025-10158MedNov 18, 2025
    risk 0.21cvss 4.3epss 0.00

    A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.

  • CVE-2023-31306LowSep 6, 2025
    risk 0.21cvss 3.3epss 0.00

    Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.

  • CVE-2026-40097LowApr 10, 2026
    risk 0.17cvss 3.7epss 0.00

    Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key…

  • CVE-2026-33762LowMar 31, 2026
    risk 0.11cvss 2.8epss 0.00

    go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file…

  • CVE-2022-35737Aug 3, 2022
    risk 0.04cvss epss 0.19

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

  • CVE-2014-6317Nov 11, 2014
    risk 0.01cvss epss 0.18

    Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to…

  • CVE-2026-33281Mar 23, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all…

  • CVE-2026-33022Mar 20, 2026
    risk 0.00cvss epss 0.00

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can…

  • CVE-2026-32937Mar 20, 2026
    risk 0.00cvss epss 0.00

    free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF `nchf-convergedcharging` service. A valid authenticated request to PUT `/nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=...` can…